(G)UFW and Windows Network file/printer sharing

Asked by Tye on 2009-05-27


I have been using Ubuntu for a while now and am fairly adapted to it, however, while trying to figure out how to configure GUFW I found myself staring blankly at it. here is my problem.

I want to use (G)UFW but I also want to be able to use file/print sharing services on my network. I attempted to add:

'' to allow all on the very first tab but this did not work, I receive 'unable to mount' errors while attempting to open the network in Nautilus

from '' to '' in the third tab but alas, this did not work either.

my router assigns different addresses to the different interfaces when they renew so I need to unblock the entire range ( and am unsure what ports to unblock. I did a google search but that failed to produce results.

perhaps in a future release you could include 'Samba' or 'file/print sharing' in the 'services' drop-down :D

Question information

English Edit question
Gufw Edit question
No assignee Edit question
Solved by:
Last query:
Last reply:
Tye (tye3ow) said : #1

I lied, the first one didnt work (0/16) it just wouldn't accept it.

Tye (tye3ow) said : #2

the netbios one was the one I tried to add first I believe when I got the initial unable to mount error

Emilio (turl) said : #3

For now, you can do "sudo ufw allow Samba" on console if you have samba installed. I don't know how you can achieve this in Gufw though, the new Gufw doesn't support the "ufw app" system. Maybe fill in a bug so it gets implemented? :)

Tim (tkeesling) said : #4

This thread looks a bit older but I was having the same problem after installing Guwf. I added the 192.168.**.* to 192.168.**.* in the third tab and also enabled the netbios from the second tab drop down menu. I still had the mount error when trying to access the windows network. I manually typed in the address to the machine I was trying to reach like this: smb://192.168.**.** and walala... it came up with all my shared folders on that system and I could access them. Not sure how to enable it to use the network icon of the windows network but at least I can still use the firewall and access my other computers. I am also using the latest Ubuntu version at the time of this writing and running Gnome. Hope this helps a bit.


costales (costales) said : #5

Some rules overwrite others (older to newer), maybe you have closed the port...?
Do you close your samba access?
Best regards.

Tim (tkeesling) said : #6

Well, that could be a possibility! Actually was having trouble with samba itself. So, I un-installed the samba package and reinstalled and used Webmin to configure samba and I finally got Samba working correctly. Can access computers from my Linux box and can access my Linux box from my Windose machines. I added some rules manually to ufw through the Linux shell: sudo ufw allow proto....... and so on. I did have the Gufw program running at the same time. I would disable Gufw and then re-enable and the rules showed up. I can clearly see that I was not entering my rules properly in my Gufw. So now I still have access both ways with my computers, Linux to Windows and Windows to Linux with firewall enabled. I still have a problem with the firewall blocking access when I access my dropdown menu from the Gnome desktop panel: Places/Network. It does pull up the folder and shows the network icon but when you click on the network icon it does not show anything at all and it should be showing my workgroup. I do know that when clicking on the network icon it accesses smb:/// . Now here is the funny part, I can access all my computers through direct access by typing in smb://nameofcomputer/nameoffoldershare/ and so on. So I really don't think it is blocking samba all together. My thinking is that there may be one more port I need to open possibly so I can access the workgroup. I just don't know which one. Any help on this would be appreciated. Maybe someone else will learn something from this post as well.


costales (costales) said : #7

Hi! ;) Really THANKS TO YOU for use GNU/Linux!
You did a great investigation work!

jmfa (jmfa) said : #8


I've installed gufw on the 9.04 ubuntu. I've oppened all the samba port for tcp and udp (135-139 and 445) for the broadcasting ip (as my network is on and it dosen't work. Before, I've tried firestarter wich worked well on existing connection but not with a new one. Iptables is very difficult to configure and in my opinion, the GUI inteface are not so good to simply the task. Samba on my network is ok without a firewall.



Neilor (neil-roche) said : #9

From the shell enter :

sudo ufw allow Samba
sudo ufw allow from any app Samba

These rules will then show up when you load Gufw.

If you want to delete the rules (current Gufw wont delete the rules):

sudo ufw delete allow Samba
sudo ufw delete allow from any app Samba

And if you want to re-add the rules with ip range/subnet specified:

sudo ufw allow to any app Samba
sudo ufw allow from any app Samba to

(Deleting is achieved by putting delete before allow on the two commands)

The app Samba option uses ufw supplied application support to open the 4 samba ports... check the ufw man pages for details. I open both directions on the firewall for my desktop as I need to open shares/printers up, if your configuring a server you could probably get away with just the first command in the sets of 2 above.

Hope this helps


jmfa (jmfa) said : #10


sudo ufw delete allow Samba
sudo ufw delete allow from any app Samba

Samba sharing is ok.

but with:
sudo ufw allow to any app Samba or sudo ufw allow from any app Samba to

I have the error message: ERROR: Nombre d'arguments incorrect (too many arguments)

Thank you


Neilor (neil-roche) said : #11

Hi Jean-Marc,

I think you've got mixed up with the IPv4 notation for the allowed IP range/Subnet

Check the wiki page for details : http://en.wikipedia.org/wiki/Ipv4

Looking at what you had above it looks like you were trying to restrict to to if you use this will only allow any IP's in the range - having subnets (this is the /24)

If you want to narrow it down to the .1 to .30 addresses then I think you'll need to put in 30 different ufw commands.


jmfa (jmfa) said : #12

Hi Neilor,

I've tried to put sudo ufw allow to any app Samba
and I've got directly the same error message: ERROR: Nombre d'arguments incorrect (incorrect argument number)
so the argument put in the ufw command are not ok for my package ufw ? I'm now on ubuntu 9.1 64bits
I look at the ufw man page and try other command but I have error message or ufw stop connection with samba


Neilor (neil-roche) said : #13

Apologies Jean-Marc, the correct syntax needs a "from":

sudo ufw allow from to any app Samba

jmfa (jmfa) said : #14

Ok Neilor,

with this syntax it's work fine !!

Thank you


cement_head (andorjkiss) said : #15


Yaron Sheffer (yaronf) said : #16

I am on Maverick. Until now I have had to disable the firewall from gufw every time I access a Windows share/printer (otherwise I get "Cannot Mount" from Nautilus).

Using the instructions in this thread I finally managed to have the firewall enabled AND Windows shares accessible at the same time, BUT there was a bit more magic involved.

UFW appears to be mispackaged in Maverick, and only has one application profile included. I had to download the app profiles from http://jhansonxi.blogspot.com/2010/10/ufw-application-profiles.html (follow the link "download them all from here"), extract the file and put the profiles under /etc/ufw/applications.d/. Then:

sudo ufw enable
sudo ufw allow samba
sudo ufw allow from any app samba

Good luck!

costales (costales) said : #17

Hi! I'm sorry the delay. Gufw in Ubuntu 12.10 will open the samba port from "anywhere". I think this will fix this problem.
Thanks really much!

Tye (tye3ow) said : #18

I completely forgot about this, I only use UFW now but here are my ufw rules

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

     To Action From
     -- ------ ----
[ 1] Anywhere ALLOW IN
[ 2] 137:139,445/tcp ALLOW IN
[ 3] 137:139,445/udp ALLOW IN
[ 4] 8100 ALLOW IN
[ 5] 8118 ALLOW IN
[ 6] 8000 ALLOW IN

1 is for loopback, 2 and 3 are for SAMBA, 4 is for deluged's web interface, 5 is for Polipo (on loopback) + Privoxy (exposed), 6 is for SSH

I still have to set up rules for my network printer and my router's log events but I just switched from Ubuntu-32bit to Ubuntu-64bit and then moved so my setup is incomplete